Automated Decomposition and Allocation of Automotive Safety Integrity Levels Using Exact Solvers 2015-01-0156

The number of software-intensive and complex electronic automotive systems is continuously increasing. Many of these systems are safety-critical and pose growing safety-related concerns. ISO 26262 is the automotive functional safety standard developed for the passenger car industry. It provides guidelines to reduce and control the risk associated with safety-critical systems that include electric and (programmable) electronic parts. The standard uses the concept of Automotive Safety Integrity Levels (ASILs) to decompose and allocate safety requirements of different stringencies to the elements of a system architecture in a top-down manner: ASILs are assigned to system-level hazards, and then they are iteratively decomposed and allocated to relevant subsystems and components.

ASIL decomposition rules may give rise to multiple alternative allocations, leading to an optimization problem of finding the cost-optimal allocations. Recognizing the difficulties of the problem, researchers have proposed dedicated tools using heuristics, such as Tabu search and genetic algorithms. However, these algorithms may find near-optimal solutions, potentially missing the optimal solutions desired by stakeholders.

In this paper, we aim at finding all optimal ASIL allocations using off-the-shelf solvers. We implement our approach using three major classes of state-of-the-art solvers: CSP (Constraint Satisfaction Problem), SMT (Satisfiability Modulo Theories), and ILP (Integer Linear Programming). We evaluate the feasibility and performance of our approach on three variants of a real-world Hybrid Braking System for electrical vehicle integration.